General

  • Target

    bca4874ec0058cdf8fc3dbef75bbfae0_NEIKI

  • Size

    1.3MB

  • Sample

    240508-qgmrysgf42

  • MD5

    bca4874ec0058cdf8fc3dbef75bbfae0

  • SHA1

    b5ae0e6b94eaebd09c43bcb4a9d6a2743673463c

  • SHA256

    b04c42d1d0284ec1dbcaf1ba24de33e2bae048e12de763505f97a5fe93ac7782

  • SHA512

    1b49414e08ee58cb50b32151409dcf8ed920453e4ca8d7b2ad465a227005e9f0580b48b543e88f07f9ac8cbd3ff9fd8cae829b549d7161063814b3cefc2bc722

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6gfU1pjwjbsXhmvZssrD+nRgnf4NvlOSrPJ:E5aIwC+Agr6g81p1vsrNiDJ

Malware Config

Targets

    • Target

      bca4874ec0058cdf8fc3dbef75bbfae0_NEIKI

    • Size

      1.3MB

    • MD5

      bca4874ec0058cdf8fc3dbef75bbfae0

    • SHA1

      b5ae0e6b94eaebd09c43bcb4a9d6a2743673463c

    • SHA256

      b04c42d1d0284ec1dbcaf1ba24de33e2bae048e12de763505f97a5fe93ac7782

    • SHA512

      1b49414e08ee58cb50b32151409dcf8ed920453e4ca8d7b2ad465a227005e9f0580b48b543e88f07f9ac8cbd3ff9fd8cae829b549d7161063814b3cefc2bc722

    • SSDEEP

      24576:zQ5aILMCfmAUjzX6gfU1pjwjbsXhmvZssrD+nRgnf4NvlOSrPJ:E5aIwC+Agr6g81p1vsrNiDJ

    • KPOT

      KPOT is an information stealer that steals user data and account credentials.

    • KPOT Core Executable

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks